QUESTION 183Your customer is having wireless VoIP problems. When the Cisco 7925 phones roam from AP1 to AP2, the voice drops out and comes back. The phones are set up for PEAP/WPA2-AES with CCKM to an external RADIUS server. The APs and WLAN are setup up in FlexConnect mode. Which statement explains the issue?

A. The APs have not been added to the FlexConnect group.B. PEAP with WPA2-AES is not supported with Cisco Centralized Key Management, use EAP-FAST.C. PEAP with WPA2-AES is not supported with Cisco Centralized key Management, use LEAP.D. The APs have been added to the FlexConnect Group.

Answer: A

QUESTION 184You have received a new Cisco 5760 Controller and have gone through the initial startup wizard. You are now trying to add APs to the controller, but these are not joining. Which three checksshould you do next? (Choose three.)

A. Check that the radios are not in a shutdown state.B. Check the country code of the controller. The APs do not join the controller if the country code does not match.C. Check that the correct time is set on the controller.D. Check that option 53 has been set in the DHCP scopeE. Check that the controller has enough AP licenses.F. Check that the controller has been configured with the correct hostname. Otherwise, DNS resolution fails.

Answer: BCE

QUESTION 185Refer to the exhibit. A network administrator is installing a new converged access Cisco WLC. The uplink connection is to be a Gigabit port channel. Which characteristic is true?

A. The port channel mode is set to active and sends PDUs at 30 sec intervals.B. The port channel mode is set to active and sends PDUs at 1 sec intervals.C. The port channel uses a Cisco proprietary protocol.D. The port-channel member interfaces must be set to trunk mode.E. The port channel is currently down.

Answer: A

QUESTION 186Which option in the Cisco Identity Services Engine checks that the user authentication comes from a domain computer?

A. It is not possible to validate the computer domain membership through ISE.B. Group Policy ObjectsC. Machine Access RestrictionD. Active Directory Attributes.E. An identity source sequence can be used to perform this check.

Answer: C

QUESTION 187Refer to the exhibit. Which statement about the rogue access point screenshot is true?

A. AP-2 sends de-authentication packets oon air using BSSID 74:a2:e6:71:51:c3 as part ofcontainment process.B. This rogue AP is working on channel 1 and is manually contained using all detecting access points.C. SSID on this rogue AP is WMM enabled and this rogue AP is contained by single closest detecting access point at a given time.D. This rogue AP is contained by AP-1 and AP-2 in round-robin fashion during off-channel scan period.

Answer: C

QUESTION 188Refer to the exhibit. Which statement about this CPU ACL is correct?

A. This CPU ACL is used as a redirection aCL to redirect all traffic except Telnet to 172.21.153.37.B. A user on the 10.64.0.0/24 network can use Telnet to access the WLC IP address on172.21.153.37.C. A user on the 10.64.0.0/24 network cannot use Telnet to access the WLC IP address on172.21.153.37.D. A user on the 10.64.0.0/24 network cannot use SSH to access the WLC IP address on172.21.153.37.E. A user on the 10.64.0.0/24 network cannot use HTTPS to access the WLC IP address on

QUESTION 190Drag and Drop QuestionConsider the association process of a wireless client to an SSID.Drag and drop the client actions from the left into the correct order of operation on the right.

Answer:

QUESTION 191Refer to the exhibit. It belongs to a Cisco IOS AP with just one radio. This portion of configuration refers to a multiple SSID/VLAN configuration. Which statement is correct?

A. The configuration does not allow for non-corporate clients to connect to any SSID Guest traffic.There fore will not allowed.B. `mbssid guest-mode’ is used to allow broad cat of multiple SSIDs on the radio interface. No other `mbssid” commands are needed to achieve this functionality.C. The AP must have subinterfaces 80,81,and 82 configured on the Radio 0 and Ethernet interfaces.D. The SSID “EAP” will allow clients to connect to it using any EAP authentication method such as EAP-TLS.

QUESTION 192You have been hired to install new Cisco switches at ACME Corporation. The company has an existing Cisco network comprised of access layer switches that use multiple VLANs and VLAN trunking protocol to distribute the VLANs to the switches throughout the network.Which two methods are best to accomplish your task? (Choose two.)

A. Configure the VLAN Trunking Protocol pruning on the new switches because they may notneed all of the VLANs.B. Prior to installation, ensure that all switches are running the same Cisco IOS software version as the VTP server.C. Ensure that all the new Cisco switches have their VTP domain name set to the default value of “null”D. Configure one of the new switches as a VTP server to distribute the VLANs appropriately.E. Ensure that all switches are running the same VTP version.F. Ensure that all switches have the same VLAN Trunking Protocol password and encryption level.G. Configure all new switches as VTP clients and relocated switches as VTP server because they already have all the VLANs in their database.